So Entangled Linux … SELinux August 31, 2006

Posted by TSAI HONG-BIN in Linux.

Lately I’ve been assigned to study SELinux and get an in-depth understanding of this complicated stuff. So-called “pioneer” or “leading technology” directly equals “not handy”, “all you got is man” and “RTFS” (Read The Fxxking Source).

Well, the idea of MAC (mandatory access control) is not new. Implementing it is never hard, just complicated. If you have ever built a website for enterprise customers, you’ll know what I’m saying. The design of access control for web pages, modules, functions, etc. is the same as the one employed in SELinux: a matrix (called “access vector” in SELinux). What makes it feel so much like an extremely geeky world is its entanglement with the operating system.
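The matrix idea above, as an added example that is not part of the original post: it parses a simplified subset of SELinux `allow` rules into cells keyed by (source type, target type, object class) and answers access checks with default deny. The function names `build_matrix` and `allowed` and the sample rules are constructed for illustration; real policy syntax has more forms (attributes, `self`, `*`, `~`) that this sketch rejects.

```python
import re
from collections import defaultdict

# Constructed sample rules in SELinux "allow" syntax (illustrative only).
SAMPLE_POLICY = """
# web server may read its content and append to its logs
allow httpd_t httpd_sys_content_t:file { read getattr open };
allow httpd_t httpd_sys_content_t:dir { search getattr };
allow httpd_t httpd_log_t:file append;
allow httpd_t httpd_sys_content_t:file map;
"""

# allow <source> <target>:<class> <perm>;   or   ... { <perm> <perm> ... };
RULE = re.compile(
    r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;$"
)


def build_matrix(policy_text):
    """Return {(source_type, target_type, object_class): set(permissions)}."""
    matrix = defaultdict(set)
    for lineno, raw in enumerate(policy_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = RULE.match(line)
        if m is None:
            # Fail closed on anything the subset parser does not understand.
            raise ValueError(f"line {lineno}: unsupported rule: {line!r}")
        source, target, tclass, perm_set, single = m.groups()
        perms = perm_set.split() if perm_set is not None else [single]
        if not perms:
            raise ValueError(f"line {lineno}: empty permission set")
        # Several rules for the same cell accumulate into one permission set.
        matrix[(source, target, tclass)].update(perms)
    return dict(matrix)


def allowed(matrix, source, target, tclass, perm):
    """Default deny: granted only if some rule put perm into that cell."""
    return perm in matrix.get((source, target, tclass), frozenset())


if __name__ == "__main__":
    m = build_matrix(SAMPLE_POLICY)
    for query in [("httpd_t", "httpd_sys_content_t", "file", "read"),
                  ("httpd_t", "httpd_sys_content_t", "file", "write"),
                  ("httpd_t", "shadow_t", "file", "read")]:
        print(query, "->", "allow" if allowed(m, *query) else "deny")
```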

When writing an access control module for a website, all you have to care about is database design and programming logic. What if we want to write an access control module in an operating system? Then you have to take good care of boot-up, the file system, processes, sockets… blah blah. Besides, you’ll need to hack into the kernel (well, it is not really hacking, but it feels like a hacker’s job), stuff hooks in, then wrap it up again. This is what the “Linux Security Module” does.

So now I have registered on the Red Hat SELinux mailing list, to absorb some “SELinux pros” atmosphere…


